What is monitor mode – Dell POWEREDGE M1000E User Manual

Configuring 802.1X and Port-Based Security

515

port. The port is assigned a Guest VLAN ID and is moved to the authorized

status. Disabling the supplicant mode does not clear the ports that are already

authorized and assigned Guest VLAN IDs.

What is Monitor Mode?

The monitor mode is a special mode that can be enabled in conjunction with

802.1X authentication. It allows network access even in case where there is a

failure to authenticate but logs the results of the authentication process for

diagnostic purposes. Monitor mode provides a way for network administrators

to identify possible issues with the 802.1X configuration on the switch

without affecting the network access to the users of the switch.
The monitor mode can be configured globally on a switch. If the switch fails

to authenticate a user for any reason (for example, RADIUS access reject

from RADIUS server, RADIUS timeout, or the client itself is Dot1x unaware),

the client is authenticated and is undisturbed by the failure condition(s).

The reasons for failure are logged and buffered into the local logging database

for tracking purposes.
Table 19-1 provides a summary of the 802.1X Monitor Mode behavior.

Table 19-1. IEEE 802.1X Monitor Mode Behavior

Case

Sub-case

Regular Dot1x

Dot1x Monitor Mode

RADIUS/Local

Success

Success

Port State: Permit

VLAN: Assigned

Filter: Assigned

Port State: Permit

VLAN: Assigned

Filter: Assigned

Incorrect NAS Port Port State: Deny

Port State: Permit

VLAN: Default

Invalid VLAN

Assignment

Port State: Deny

Port State: Permit

VLAN: Default

Invalid Filter-id

Port State: Deny

Port State: Permit

VLAN: Default

Bad RADIUS packet Port State: Deny

Port State: Permit

VLAN: Default

RADIUS/Local

Failure

Default behavior

Port State: Deny

Port State: Permit

VLAN: Default